Posted by Mladen Gogala on 10/09/06 03:53
On Sat, 07 Oct 2006 17:14:58 -0400, OFM wrote:
> I am running an Oracle database with the application written in PHP.
>
> I would like to be able to have the option to encrypt data residing in
> certain columns in certain tables i.e. encrypt the SSNO column but not
> the Fname column. I would like to keep it in its encrypted form in the
> database but I would like to be able to show it to certain privileged
> people based on a password.
>
> Can public key encryption be incorporated here in the PHP application
> such that if I can encrypt the data based on a key that itself can
> be encrypted in a way that you can revoke certain passwords if the
> employee leaves - much the same way you have revocation lists
> management in PGP.
>
> Are there any suggestions on how to go about incorporating FLEXIBLE
> encryption of data with PHP and Oracle?
>
> Any help appreciated.

Oracle has something called "Advanced Security Option" which is a
commercial product and allows encryption of the entire database or parts
of it. There is also something called "VPD" (Virtual Private Database)
which allows users to see only the parts of the database they're entitled
to see. It takes a bit to set up, but it works really well. As for
revoking employee authorization once the employment is terminated, it
should be a standard practice. HR should have an application that would
disable VPN logins and logins to web-visible applications, and high-priority
tickets to immediately revoke all access privileges should be
assigned to both the system administration group and the DBA group. Security is
not a part of an application; security is a philosophy that the company
must adhere to in everything it does.
--
http://www.mladen-gogala.com
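
The VPD setup mentioned in the reply, sketched as an added example that is not part of the original post: a column-masking policy (Oracle 10g and later) that returns SSNO as NULL unless the session has been marked as privileged, while Fname stays visible. The schema APP, the tables EMPLOYEES and SSN_VIEWERS, the context EMP_CTX and the package and function names are all assumptions made for illustration.

```sql
-- Hypothetical schema APP with table EMPLOYEES(FNAME, SSNO); all names are assumptions.

-- Application context that only the trusted package APP.SEC_CTX_PKG may set.
CREATE CONTEXT emp_ctx USING app.sec_ctx_pkg;

CREATE OR REPLACE PACKAGE app.sec_ctx_pkg AS
  PROCEDURE set_ssn_access(p_app_user IN VARCHAR2);
END sec_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY app.sec_ctx_pkg AS
  PROCEDURE set_ssn_access(p_app_user IN VARCHAR2) IS
    v_count PLS_INTEGER;
  BEGIN
    -- SSN_VIEWERS is a hypothetical table of users allowed to see SSNO.
    -- Deleting a user's row revokes access the next time the context is set.
    SELECT COUNT(*) INTO v_count
      FROM app.ssn_viewers
     WHERE username = UPPER(p_app_user);
    DBMS_SESSION.SET_CONTEXT('emp_ctx', 'ssn_access',
                             CASE WHEN v_count > 0 THEN 'Y' ELSE 'N' END);
  END set_ssn_access;
END sec_ctx_pkg;
/
-- Policy function: returns the predicate that decides in which sessions SSNO is shown.
CREATE OR REPLACE FUNCTION app.ssn_policy(
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2) RETURN VARCHAR2 IS
BEGIN
  RETURN 'SYS_CONTEXT(''emp_ctx'', ''ssn_access'') = ''Y''';
END ssn_policy;
/
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'APP',
    object_name           => 'EMPLOYEES',
    policy_name           => 'MASK_SSNO',
    function_schema       => 'APP',
    policy_function       => 'SSN_POLICY',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'SSNO',                 -- policy fires only when SSNO is referenced
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);     -- keep every row, return SSNO as NULL when denied
END;
/
```

The PHP application would call `app.sec_ctx_pkg.set_ssn_access` once per session after authenticating the user. This masks the column at query time and does not encrypt the stored value, and accounts holding the EXEMPT ACCESS POLICY privilege bypass the policy.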